Chris Watts Tech Analysis discovers Cisco IP Phones Firmware Image Upload Vulnerability - CVE-2015-6403.

Congratulations to Chris for continued efforts in making communications a bit safer.

Cisco SPA30X Series IP Phones, Cisco SPA50X Series IP Phones, and Cisco SPA51X Series IP Phones contain a vulnerability in the TFTP implementation that could allow an unauthenticated, local attacker to load arbitrary firmware images onto the affected device.